������������ DrWeb ��� ��������� Sendmail �� Linux(n) �������� �������, ���, 2002 ������� ����:
������������ �� ������������ ������������ ��������
[root@mailer wrk]# rpm -i drweb-4.29.2-glibc.2.2.i386.rpm
� ��������� ��������:
/opt/drweb - ������� ����
/etc/drweb - ����� �����������
/etc/rc.d/init.d/drwebd - ��������� ������
/var/drweb - ������ ����
!!! RTFM - ��� �� ������ ��������� !!!
[root@mailer wrk]# ln -s /etc/drweb /opt/drweb
��������� �����������
[root@mailer wrk]# useradd -d /dev/null -s /bin/false drweb
[root@mailer wrk]# cat /etc/passwd | grep drweb
drweb:x:547:547::/dev/null:/bin/false
[root@mailer drweb]# chown -R drweb.drweb /opt/drweb
[root@mailer drweb]# chown -R drweb.drweb /var/drweb
���������� �� �����:
[root@mailer wrk]# cd /opt/drweb
[root@mailer drweb]# ./drweb
Dr.Web (R) for Linux, version 4.29.2 (November 5, 2002)
Copyright (c) Igor Daniloff, 1992-2002
Daniloff's Labs and DialogueScience
http://www.drweb.ru, [email protected]: +7 (812) 387-64-08
http://www.dials.ru, [email protected]: +7 (095) 137-01-50
Key file: /opt/drweb/drweb.key
Registration info: 0100005167 Evaluation Key (ID Anti-Virus Lab. Ltd, St.Petersburg)
This is an EVALUATION version with limited functionality!
To get your registration key, call regional dealer.
Loading /var/drweb/bases/drwebase.vdb - Ok, virus records: 31578
���� ���� ����� �����:
Key file: /opt/drweb/drweb.key
Registration info: XXXXXXXXXX
������� � �������� � ������������ ������ ���� ���� ������ �����:
Loading /var/drweb/bases/drwebase.vdb - Ok, virus records: 31578
������� � �������� � ������� ����������� ����������: �� �������� 䳿 ����������� � ������� ������. ��� ���������� ����� ���� ��������������� ������. ��� �������� ������ ����� ������������ ����������� �������� ������������. ³� �������� (� ��������) � ����
[root@mailer drweb]# cat doc/readme.eicar | grep X5O! >virtest
� ���� ��������� ��������������:
[root@mailer drweb]# ./drweb virtest
Dr.Web (R) for Linux, version 4.29.2 (November 5, 2002)
Copyright (c) Igor Daniloff, 1992-2002
Daniloff's Labs and DialogueScience
http://www.drweb.ru, [email protected]: +7 (812) 387-64-08
http://www.dials.ru, [email protected]: +7 (095) 137-01-50
Key file: /opt/drweb/drweb.key
Registration info: 0100005167 Evaluation Key (ID Anti-Virus Lab. Ltd, St.Petersburg)
This is an EVALUATION version with limited functionality!
To get your registration key, call regional dealer.
Loading /var/drweb/bases/drwebase.vdb - Ok, virus records: 31578
/opt/drweb/virtest infected with EICAR Test File (NOT a Virus!)
Scan report for "/opt/drweb/virtest":
Scanned : 1          Cured : 0
Infected : 1         Deleted : 0
Modifications : 0    Renamed : 0
Suspicious : 0       Moved : 0
Scan time : 00:00:00 Scan speed : 1 Kb/s
�� �� ����������� ������������� � ����
ϳ�������� ������������ ���������
� ������ -->--------------------------------------<-- --- drweb32.ini.orig Tue Nov 5 00:44:48 2002 +++ drweb32.ini Tue Nov 12 12:46:13 2002 @@ -18,6 +18,9 @@ InfectedFiles = Report SuspiciousFiles = Report IncurableFiles = Report +ActionInfectedArchive = move +ActionInfectedMail = move +ActionInfectedContainer = move ExcludePaths = LogToFile = Yes OverwriteLog = No -->--------------------------------------<--
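Review bot: the three added `ActionInfected* = move` keys tell the daemon to move infected archives, mail objects and containers aside, but the hunk shows no destination setting for the move. The target directory must exist and be writable by the unprivileged `drweb` account (uid 547) the daemon is configured to run as, otherwise the move cannot succeed; confirm the directory and its ownership under /var/drweb before relying on `move`.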
����������: ��� ������������ �������� �����
�������� �� ���, ���� ������ �������� �������� ����� �
���������. ����������� ������� ��������� �������� �����������
( �� � ������ -->--------------------------------------<-- --- drweb32.ini.orig Tue Nov 5 00:44:48 2002 +++ drweb32.ini Tue Nov 12 12:46:13 2002 @@ -68,10 +71,12 @@ LogPacked = Yes Interfaces = "localhost" ;User = drweb -;UserID = -;GroupID = +UserID = 547 +GroupID = 547 ScanFiles = All MaxCompressionRatio = 20 +MaxFileSizeToExtract = 5000 MaxChildren = 16 SyslogFacility = "Daemon" SyslogPriority = "Alert" -->--------------------------------------<--
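Review bot: the hunk hard-codes `UserID = 547` and `GroupID = 547` while leaving `;User = drweb` commented out; a numeric uid copied from /etc/passwd silently diverges if the `drweb` account is ever recreated with a different uid, so prefer the symbolic `User = drweb` form if this daemon version honours it, or at least keep the two in sync. `Interfaces = "localhost"` is the right choice (the netstat output further down confirms the daemon bound to 127.0.0.1:3000 only). `MaxFileSizeToExtract = 5000` carries no unit in the hunk; check the daemon documentation for whether this is bytes or kilobytes, since together with `MaxCompressionRatio = 20` it is the guard that bounds how much of a compressed attachment gets expanded.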
����������: � �� ��������������
������������ �����, �����, �������� �������������� ���������������: -->--------------------------------------<-- --- drweb32.ini.orig Tue Nov 5 00:44:48 2002 +++ drweb32.ini Tue Nov 12 12:46:13 2002 @@ -79,6 +84,11 @@ FilterRule X-Mailer ".*Mass.*Sender.*" Reject FilterRule To ".*undisclosed.*recipient.*" Reject FilterRule Subject ".*free.*xxx.*" Reject +FilterRule Subject ".*viagra.*" Reject +FilterRule Subject ".*pennis.*" Reject +FilterRule Subject ".*money.*" Reject +FilterRule From ".*Sarah.*Williams.*" Reject UpdatePath = "/opt/drweb/updates" -->--------------------------------------<-- ������ ������ ���������. ������������ ��������� ��������: [root@mailer drweb]# /etc/rc.d/init.d/drwebd start Starting Dr. Web daemon...Dr.Web (R) daemon for Linux, version 4.29.2 (November 5, 2002) Copyright (c) Igor Daniloff, 1992-2002 Daniloff's Labs and DialogueScience http://www.drweb.ru, [email protected]: +7 (812) 387-64-08 http://www.dials.ru, [email protected]: +7 (095) 137-01-50 Key file: /opt/drweb/drwebd.key Registration info: 0100005168 Evaluation Key (ID Anti-Virus Lab. Ltd, St.Petersburg) This is an EVALUATION version with limited functionality! To get your registration key, call regional dealer. Loading /var/drweb/bases/drwebase.vdb - Ok, virus records: 31578 Daemon is installed, TCP socket created on port 3000
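Review bot: the added `FilterRule Subject` patterns are broad substring matches tied to `Reject`; `.*money.*` refuses any subject containing that word and `.*Sarah.*Williams.*` refuses a whole personal name in From, so legitimate mail is rejected at SMTP time with no copy kept for review. Narrow the patterns, or use a less destructive action if the daemon offers one, and make sure such rejections are visible in the daemon log (`LogToFile = Yes` is set in the earlier hunk) so false positives can be spotted.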
� ��� ����������� ������� ����� ������� �������
������ (
[root@mailer drweb]# netstat -napl | grep drweb
tcp        0      0 127.0.0.1:3000          0.0.0.0:*               LISTEN      6697/drwebd
unix  2      [ ]         DGRAM                    348573 6697/drwebd
���������� ���� ������:
[root@mailer drweb]# clients/drwebdc -fvirtest
Results: daemon return code 0x10020 (known virus is found)
�� ������, �����, ���'����� ������ ������� ��������� ����������� ���. ����������� ���������
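Added post-install check, not part of the original article: it verifies the two hardening properties the walkthrough establishes above, the non-login `drweb` service account created with `useradd` and the daemon listening on the loopback address only as shown by `netstat`. The passwd entry and netstat lines are constructed from the page's own output so the script runs offline.

```shell
#!/bin/sh
# Added post-install check (not part of the original article): verifies that
# (1) the drweb service account cannot log in and (2) drwebd listens on the
# loopback address only. Input is constructed inline from the page's output.

# Constructed /etc/passwd entry, identical to the one shown after useradd.
PASSWD_LINE='drweb:x:547:547::/dev/null:/bin/false'

# Constructed `netstat -napl` lines: the loopback-only listener from the page,
# and a wildcard listener (0.0.0.0) that the check must flag.
NETSTAT_OK='tcp  0  0 127.0.0.1:3000  0.0.0.0:*  LISTEN  6697/drwebd'
NETSTAT_BAD='tcp  0  0 0.0.0.0:3000    0.0.0.0:*  LISTEN  6697/drwebd'

# check_account PASSWD_LINE: succeeds only if the login shell is a
# non-interactive one and the home directory is /dev/null, as created above.
check_account() {
    _home=$(printf '%s\n' "$1" | cut -d: -f6)
    _shell=$(printf '%s\n' "$1" | cut -d: -f7)
    case "$_shell" in
        /bin/false|/sbin/nologin) ;;
        *) return 1 ;;
    esac
    [ "$_home" = "/dev/null" ]
}

# check_loopback_only NETSTAT_OUTPUT: succeeds only if drwebd has at least one
# LISTEN socket and every one of them is bound to 127.0.0.1, which is what
# Interfaces = "localhost" in drweb32.ini is meant to guarantee.
check_loopback_only() {
    printf '%s\n' "$1" | awk '
        /LISTEN/ && /drwebd/ {
            seen = 1
            split($4, addr, ":")          # "127.0.0.1:3000" -> addr[1]
            if (addr[1] != "127.0.0.1") bad = 1
        }
        END { if (!seen || bad) exit 1; exit 0 }'
}

# Report both checks against the constructed input; on a live host feed
# `grep drweb /etc/passwd` and `netstat -napl | grep drwebd` instead.
check_account "$PASSWD_LINE"      && echo "drweb account: ok" || echo "drweb account: FAIL"
check_loopback_only "$NETSTAT_OK" && echo "drwebd listener: ok" || echo "drwebd listener: FAIL"
```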
����������� ���, ��� ���������� �� ��������� �������
����� ���������� ���� � ������ ������������:
[root@mailer drweb]# cd ~/wrk
[root@mailer wrk]# rpm -i perl-String-CRC32-1.2-15.i386.rpm
��� � ������:
[root@mailer drweb]# cd ~/wrk
[root@mailer wrk]# tar xzvf String-CRC32-1.2.tar.gz
String-CRC32-1.2/
...
String-CRC32-1.2/CRC32.pod
[root@mailer wrk]# cd String-CRC32-1.2
[root@mailer String-CRC32-1.2]# perl Makefile.PL INSTALLDIRS=vendor
Checking if your kit is complete...
Looks good
Writing Makefile for String::CRC32
[root@mailer String-CRC32-1.2]# make && make test
cp CRC32.pm blib/lib/String/CRC32.pm
...
All tests successful.
Files=1, Tests=27, 0 wallclock secs ( 0.08 cusr + 0.01 csys = 0.09 CPU)
[root@mailer String-CRC32-1.2]# make install UNINST=1
Installing /usr/lib/perl5/vendor_perl/5.6.1/i386-linux/auto/String/CRC32/CRC32.so
...
Appending installation info to /usr/lib/perl5/5.6.1/i386-linux/perllocal.pod
����������: ���������� ����������� ��� ���������:
[root@mailer wrk]# su drweb -s /bin/sh -c /opt/drweb/update/update.pl
[root@mailer wrk]# ll /var/drweb/bases
total 700
-rw-r--r--    1 drweb    drweb        7853 ��� 30 18:45 drw42901.vdb
-rw-r--r--    1 drweb    drweb        5130 ��� 3 23:45 drw42902.vdb
-rw-r--r--    1 drweb    drweb        3994 ��� 10 23:00 drw42903.vdb
-rw-r--r--    1 drweb    drweb       12475 ��� 21 00:38 drw42904.vdb
-rw-r--r--    1 drweb    drweb        8130 ��� 24 23:40 drw42905.vdb
-rw-r--r--    1 drweb    drweb        7564 ��� 1 23:06 drw42906.vdb
-rw-r--r--    1 drweb    drweb        5568 ��� 8 22:35 drw42907.vdb
-rw-r--r--    1 drweb    drweb      644617 ��� 5 00:44 drwebase.vdb
-rw-r--r--    1 drweb    drweb        1794 ��� 11 08:35 drwtoday.vdb
[root@mailer wrk]# ll /opt/drweb/updates
total 28
-rw-r--r--    1 drweb    drweb        2318 ��� 4 00:32 drw42902.txt
-rw-r--r--    1 drweb    drweb        1601 ��� 10 23:28 drw42903.txt
-rw-r--r--    1 drweb    drweb        6064 ��� 18 11:42 drw42904.txt
-rw-r--r--    1 drweb    drweb        2880 ��� 24 23:40 drw42905.txt
-rw-r--r--    1 drweb    drweb        3279 ��� 1 23:06 drw42906.txt
-rw-r--r--    1 drweb    drweb        1398 ��� 8 23:07 drw42907.txt
����������� ��������� ��������� �� ���������
�������
-->--------------------------------------<--
#!/bin/sh
su drweb -s /bin/sh -c /opt/drweb/update/update.pl
-->--------------------------------------<--
����� ������� �볺��� ��� sendmail. ��� ���� ������ ������� ��������
���������� ��������� ���������� ������ �� ������ �������� � �����:
[root@mailer wrk]# rpm -ql sendmail-devel | grep milter
/usr/include/libmilter/mfapi.h
/usr/lib/libmilter.a
������� �볺���:
[root@mailer wrk]# tar xzvf drweb-clients-4.29-sources.tar.gz
drweb-clients-4.29-sources/
drweb-clients-4.29-sources/addons/
...
drweb-clients-4.29-sources/etc/smb_spider.conf
[root@mailer wrk]# cd drweb-clients-4.29-sources
[root@mailer drweb-clients-4.29-sources]# ln -s /usr/lib/libmilter.a lib/libmilter.a
[root@mailer drweb-clients-4.29-sources]# ln -s /usr/lib/libsmutil.a lib/libsmutil.a
[root@mailer drweb-clients-4.29-sources]# ln -s /usr/include/libmilter include
[root@mailer drweb-clients-4.29-sources]# ./configure
Do you want compile Sendmail filter ? [y or n] [default=y]:y
Do you use Sendmail version 8.11 ? [y or n] [default=n]:y
...
Do you want compile commandline client ? [y or n] [default=y]:y
...
Enter compiler flags [default=-O2 -Wall -pipe]:
----------------------
Configuration Summary:
OS type = Linux
Milter version = FFR
Milter include dir = include/libmilter
Sendmail util library = lib/libsmutil.a (-lsmutil)
Compiler flag(s) = -O2 -Wall -pipe
Configuration is okey ? [y or n] [default=y]:y
Creating Makefile ... [.] [src]Done.
[root@mailer drweb-clients-4.29-sources]# make
gcc -c -O2 -Wall -pipe -D__UNIX_DW -DLinux_DW -I./include...
...
gcc dw_md5.o dw_users.o dwsm_dfork.o dwsm_opt.o dwsm_file.o...
������� �볺��� � �������� �������:
[root@mailer drweb-clients-4.29-sources]# strip drweb-smf
[root@mailer drweb-clients-4.29-sources]# strip drwebdc
[root@mailer drweb-clients-4.29-sources]# cp drweb-smf /opt/drweb
[root@mailer drweb-clients-4.29-sources]# cp drwebdc /opt/drweb
� ��� ��� ������������ � ������� ������������:
[root@mailer drweb-clients-4.29-sources]# cp etc/drweb_smf.conf /etc/drweb
[root@mailer drweb-clients-4.29-sources]# cp -R templates /etc/drweb
[root@mailer drweb-clients-4.29-sources]# cd ..
����������� ���� ���������� ����������� �볺���: -->--------------------------------------<-- --- drweb_smf.conf.orig Wed Dec 11 16:53:23 2002 +++ drweb_smf.conf Wed Dec 11 16:59:19 2002 @@ -50,7 +50,7 @@ LocalScan = yes # Enable or disable spam-filter (on/off) -SpamFilter = off +SpamFilter = on # User account used by filter FilterAccount = drweb @@ -95,7 +95,7 @@ # pass - pass such messages # discard - discard such messages # reject - reject such message -SpamFilterAlert = pass +SpamFilterAlert = reject # EmptyFrom - mean that SMTP session initiated with empty envelope From: # used for mail notifications (reports) and by spammers @@ -108,7 +108,8 @@ # # discard - discard such messages # reject - reject such message -EmptyFrom = continue +#EmptyFrom = continue +EmptyFrom = reject # SkipObject - mean that daemon found object that cannot be checked: # password protected archive, broken archive, sym-link, @@ -147,10 +148,10 @@ ProcessingErrors = reject # Admin mail address (may be unix-local address) -AdminMail = [email protected] +AdminMail = [email protected] # Filter address, that be used in From: -FilterMail = [email protected] +FilterMail = [email protected] # Quarantine directory. # The infected files could be moved in that dir @@ -176,7 +177,8 @@ # Text string used for generate notification hashes, # used only if FastNotify = Yes # PLEASE EDIT - !!! SECURITY CRITICAL !!! -NotifyHashSalt = !!!___EDIT_THIS___!!! +#NotifyHashSalt = !!!___EDIT_THIS___!!! +NotifyHashSalt = !!! ���� �������� !!! [VirusNotifications] # Enable or disable sending notifications to the persons (yes/no) 
@@ -185,32 +187,32 @@ RcptsNotify = yes # Files with notification templates -AdminTemplate = /etc/drweb/templates/en-ru/sendmail/virus-admin.msg -SenderTemplate = /etc/drweb/templates/en-ru/sendmail/virus-sender.msg -RcptsTemplate = /etc/drweb/templates/en-ru/sendmail/virus-rcpts.msg +AdminTemplate = /etc/drweb/templates/uk-en/sendmail/virus-admin.msg +SenderTemplate = /etc/drweb/templates/uk-en/sendmail/virus-sender.msg +RcptsTemplate = /etc/drweb/templates/uk-en/sendmail/virus-rcpts.msg [SkipNotifications] AdminNotify = no SenderNotify = yes RcptsNotify = no AdminTemplate = -SenderTemplate = /etc/drweb/templates/en-ru/sendmail/skip-sender.msg +SenderTemplate = /etc/drweb/templates/uk-en/sendmail/skip-sender.msg RcptsTemplate = [MailbombNotifications] AdminNotify = yes SenderNotify = yes RcptsNotify = no -AdminTemplate = /etc/drweb/templates/en-ru/sendmail/mailbomb-admin.msg -SenderTemplate = /etc/drweb/templates/en-ru/sendmail/mailbomb-sender.msg +AdminTemplate = /etc/drweb/templates/uk-en/sendmail/mailbomb-admin.msg +SenderTemplate = /etc/drweb/templates/uk-en/sendmail/mailbomb-sender.msg RcptsTemplate = [ErrorNotifications] AdminNotify = yes SenderNotify = yes RcptsNotify = no -AdminTemplate = /etc/drweb/templates/en-ru/sendmail/error-admin.msg -SenderTemplate = /etc/drweb/templates/en-ru/sendmail/error-sender.msg +AdminTemplate = /etc/drweb/templates/uk-en/sendmail/error-admin.msg +SenderTemplate = /etc/drweb/templates/uk-en/sendmail/error-sender.msg RcptsTemplate = ################### -->--------------------------------------<--
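Review bot: `EmptyFrom = reject` refuses every SMTP session that starts with an empty envelope sender. The configuration comment directly above that line says the null sender is "used for mail notifications (reports)", and that is exactly how bounces and delivery status notifications are addressed, so with this setting the host can no longer receive bounces for its own outgoing mail; `discard` or the original `continue` combined with the spam filter is the safer choice unless losing bounces is an accepted trade-off.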
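Review bot: the `NotifyHashSalt` hunk replaces the placeholder that the file itself marks `SECURITY CRITICAL` with a value that is unreadable in this copy of the page; whatever it is, it should be a long random string rather than a phrase, since it is what keeps the `FastNotify` notification hashes from being forged, and the old placeholder line kept commented above it should simply be deleted so the real salt is not confused with an example.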
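Review bot: the four notification sections switch every template path from `en-ru` to `uk-en`. Confirm those files actually exist under /etc/drweb/templates after the `cp -R templates /etc/drweb` step earlier on the page; a missing template turns each virus, skip, mailbomb or error event into a notification failure instead of the intended report to the admin and sender.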
��� ���������� �볺��� ��������� ��������� ������
-->--------------------------------------<--
#!/bin/sh
#
# $Id: template.initscript,v 1.8 2002/05/15 16:41:27 cvser Exp $
#
# description: Dr.Web for Sendmail is a antivirus filter
#              for e-mails that comes thru SMTP protocol
#
# chkconfig: 2345 79 31
# processname: drweb-smf

# Use these if cannot found functions
dw_daemon() {
    ulimit -c 0
    $*
    return $?
}

dw_killproc() {
    killall $2 $1 >/dev/null 2>&1
    return $?
}

dw_status() {
    killall -0 $1 >/dev/null 2>&1
    if [ $? -eq 0 ] ; then
        echo "$1 is running..."
        return 0
    else
        echo "$1 is not running."
        return 1
    fi
}

# Source function library.
if [ -f /etc/rc.d/init.d/functions ] ; then
    . /etc/rc.d/init.d/functions
    PROC_DAEMON="daemon"
    PROC_KILL="killproc"
    PROC_STATUS="status"
    MSG_START="Starting drweb for sendmail: "
    MSG_RELOAD="Reload drweb for sendmail: "
    MSG_STOP="Shutdowning drweb for sendmail: "
    MSG_WAIT="Wait for shutdown drweb for sendmail: "
else
    PROC_DAEMON="dw_daemon"
    PROC_KILL="dw_killproc"
    PROC_STATUS="dw_status"
    MSG_START=" drweb-sendmail"
    MSG_RELOAD="Reload drweb-sendmail"
    MSG_STOP=" drweb-sendmail"
    MSG_WAIT=" drweb-sendmail(wait)"
fi

if [ ! -f "/opt/drweb/drweb-smf" ] ; then
    echo "DrWeb Sendmail Filter not found"
    # "return" is only valid inside a function; at script top level it is an
    # error and the script would carry on, so exit here instead.
    exit 1
fi

RETVAL=0
FILTER_UNIX="no"
FILTER_SOCKET=

start() {
    # Start daemons.
    echo -n $MSG_START
    [ "x$FILTER_UNIX" = "xyes" ] && rm -f $FILTER_SOCKET
    $PROC_DAEMON /opt/drweb/drweb-smf
    RETVAL=$?
    echo
    return $RETVAL
}

stop() {
    # Stop daemons.
    echo -n $MSG_STOP
    $PROC_KILL drweb-smf
    RETVAL=$?
    if [ $RETVAL -eq 0 ] ; then
        if [ "x$FILTER_UNIX" = "xyes" ] ; then
            RETRY=3
            while [ -f $FILTER_SOCKET -a $RETRY -gt 0 ] ; do
                if [ $RETRY -lt 3 ] ; then
                    echo
                    echo $MSG_WAIT
                fi
                sleep 1
                RETRY=$(($RETRY-1))
            done
            if [ -f $FILTER_SOCKET ] ; then
                RETVAL=70
            fi
        else
            # Cannot check inet socket
            # For future: use pidfile
            sleep 3
        fi
    fi
    echo
    return $RETVAL
}

# See how we were called.
case "$1" in
  start)
    start
    RETVAL=$?
    ;;
  stop)
    stop
    RETVAL=$?
    ;;
  restart)
    stop
    start
    RETVAL=$?
    ;;
  status)
    $PROC_STATUS drweb-smf
    RETVAL=$?
    ;;
  *)
    echo "Usage: $0 { start | stop | restart | status }"
    exit 1
esac

exit $RETVAL
-->--------------------------------------<--
�� ��������� � ��������� ����:
[root@mailer wrk]# chkconfig --add drweb-sendmail
[root@mailer wrk]# chkconfig --list drweb-sendmail
drweb-sendmail  0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@mailer wrk]# /etc/rc.d/init.d/drweb-sendmail start
��� ���������� �볺��� �� sendmail ������
�������� � -->--------------------------------------<-- --- sendmail.mc.old Mon Jun 10 00:00:00 2002 +++ sendmail.mc Wed Dec 11 16:39:21 2002 @@ -60,3 +60,7 @@ MAILER(smtp)dnl MAILER(procmail)dnl Cwlocalhost.localdomain +define(`_FFR_MILTER',1)dnl +MAIL_FILTER(`drweb-filter',`S=inet:[email protected],F=T,T=S:5m;R:5m;E:1h')dnl +define(`confINPUT_MAIL_FILTERS', `drweb-filter')dnl +dnl define(`confMILTER_LOG_LEVEL', `1')dnl -->--------------------------------------<--
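Review bot: the `MAIL_FILTER` socket argument reads `S=inet:[email protected]` here, which is the page's address obfuscation mangling the `port@host` form Sendmail expects; the real value has to name the port and address that `drweb-smf` listens on, and that address should be loopback (or a unix socket) just as the scanning daemon itself is bound to localhost. `F=T` is the right flag for an antivirus filter: when the filter is unreachable Sendmail temp-fails the message instead of accepting it unscanned, which means a stopped `drweb-smf` stalls all inbound mail, so the init script's `status` result deserves monitoring.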
�� ���������� �����
[root@mailer wrk]# m4 /etc/mail/sendmail.mc > /etc/sendmail.cf
������������� sendmail:
[root@mailer wrk]# /etc/rc.d/init.d/sendmail restart
© 2000-2003, ���, ������� �������� -- ���� �� ����������, �������� ����������� -- ����� ������, ��i���� -- 08.06.2003 14:29:35